Re: [PATCH] s390: protvirt: virtio: Refuse device without IOMMU
From: Pierre Morel
Date: Mon Jun 15 2020 - 07:51:06 EST
On 2020-06-15 05:01, Jason Wang wrote:
On 2020/6/12 äå7:38, Pierre Morel wrote:
On 2020-06-12 11:21, Pierre Morel wrote:
On 2020-06-11 05:10, Jason Wang wrote:
On 2020/6/10 äå9:11, Pierre Morel wrote:
Protected Virtualisation protects the memory of the guest and
do not allow a the host to access all of its memory.
Let's refuse a VIRTIO device which does not use IOMMU
protected access.
Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
---
 drivers/s390/virtio/virtio_ccw.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/drivers/s390/virtio/virtio_ccw.c
b/drivers/s390/virtio/virtio_ccw.c
index 5730572b52cd..06ffbc96587a 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -986,6 +986,11 @@ static void virtio_ccw_set_status(struct
virtio_device *vdev, u8 status)
ÂÂÂÂÂ if (!ccw)
ÂÂÂÂÂÂÂÂÂ return;
+ÂÂÂ /* Protected Virtualisation guest needs IOMMU */
+ÂÂÂ if (is_prot_virt_guest() &&
+ÂÂÂÂÂÂÂ !__virtio_test_bit(vdev, VIRTIO_F_IOMMU_PLATFORM))
+ÂÂÂÂÂÂÂÂÂÂÂ status &= ~VIRTIO_CONFIG_S_FEATURES_OK;
+
ÂÂÂÂÂ /* Write the status to the host. */
ÂÂÂÂÂ vcdev->dma_area->status = status;
ÂÂÂÂÂ ccw->cmd_code = CCW_CMD_WRITE_STATUS;
I wonder whether we need move it to virtio core instead of ccw.
I think the other memory protection technologies may suffer from
this as well.
Thanks
What would you think of the following, also taking into account
Connie's comment on where the test should be done:
- declare a weak function in virtio.c code, returning that memory
protection is not in use.
- overwrite the function in the arch code
- call this function inside core virtio_finalize_features() and if
required fail if the device don't have VIRTIO_F_IOMMU_PLATFORM.
I think this is fine.
Thanks,
I try this.
Regards,
Pierre
--
Pierre Morel
IBM Lab Boeblingen